ab6072029fbfe3703d06812e81c5ba2b52f9eb1b921124a1974bc024901056b2[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ab6072029fbfe3703d06812e81c5ba2b52f9eb1b921124a1974bc024901056b2.zip.zip
Size

3.4MB
MD5

0f938cc72f9120418cf799d74eeabc33
SHA1

2bb1af3f8b2991e1ab3ebde87a4046a3fcee2367
SHA256

19318b00c843f80317450a04449e3f38349f6547880fc886df8682029c408bbe
SHA512

7b6c00b89c844bfac21708b2901a2d98436659017cac49fa0b76629d4eae4716e778b0c28fd9904f892f681f1943faca643a7748b541350cb6da8f9c77516f96
SSDEEP

98304:O7ptICBoFl3EojO94CZuhgABIN5x7Qbtqz:WW3dlheN/H

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/EFI/AfuEfix64.efi
unpack002/Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Win/afuwin.exe
unpack002/Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Win/afuwinx64.exe

Files

ab6072029fbfe3703d06812e81c5ba2b52f9eb1b921124a1974bc024901056b2.zip.zip
.zip

Password: infected
ab6072029fbfe3703d06812e81c5ba2b52f9eb1b921124a1974bc024901056b2.zip
.zip
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/EFI/AfuEfix64.efi
.dll windows:0 windows x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/EFI/flashbios.nsh
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/EFI/readme.txt
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Lnx/afulnx_32
.elf linux x86
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Lnx/afulnx_64
.elf linux x64
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Lnx/flashbios.sh
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Lnx/readme32.txt
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Lnx/readme32_afulnx.txt
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Lnx/readme64.txt
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Lnx/readme64_afulnx.txt
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Win/BIOS.BAT
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Win/afuwin.exe
.exe windows:5 windows x86

0db6a193b87bfcc444a3c59765aa9c05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
RegisterClassExA
ExitWindowsEx
BlockInput
SystemParametersInfoA
wsprintfA
MessageBoxA

kernel32

SetThreadExecutionState
GetLastError
CreateMutexA
SetConsoleCtrlHandler
FreeLibrary
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetVersionExA
DeleteFileA
GetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleA
CreateFileA
DeviceIoControl
GetWindowsDirectoryA
GetSystemDirectoryA
Sleep
GetFullPathNameA
CreateThread
LocalFree
CreateNamedPipeA
WriteFile
ReadFile
FormatMessageA
SetFirmwareEnvironmentVariableA
GetFirmwareEnvironmentVariableA
SetEndOfFile
GetProcessHeap
ReadConsoleInputA
SetConsoleMode
CloseHandle
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
HeapFree
GetCommandLineA
HeapAlloc
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetFileAttributesA
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
MultiByteToWideChar
LCMapStringW
SetFilePointer
RtlUnwind
InitializeCriticalSectionAndSpinCount
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenProcessToken

shell32

ShellExecuteA

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Win/afuwinx64.exe
.exe windows:5 windows x64

ee9a6951df54c526cd9f4a8b19f1942a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
RegisterClassExA
ExitWindowsEx
BlockInput
SystemParametersInfoA
wsprintfA
MessageBoxA

kernel32

SetThreadExecutionState
GetLastError
CreateMutexA
SetConsoleCtrlHandler
FreeLibrary
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetVersionExA
DeleteFileA
GetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleA
CreateFileA
DeviceIoControl
GetWindowsDirectoryA
GetSystemDirectoryA
Sleep
GetFullPathNameA
CreateThread
LocalFree
CreateNamedPipeA
WriteFile
ReadFile
FormatMessageA
SetFirmwareEnvironmentVariableA
GetFirmwareEnvironmentVariableA
SetEndOfFile
GetProcessHeap
ReadConsoleInputA
SetConsoleMode
CloseHandle
FlsFree
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
HeapFree
GetCommandLineA
HeapAlloc
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
GetFileAttributesA
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSize
RtlUnwindEx
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
MultiByteToWideChar
LCMapStringW
SetFilePointer
InitializeCriticalSectionAndSpinCount
HeapSetInformation
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenProcessToken

shell32

ShellExecuteA

Sections

.text
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Win/amifldrv32.sys
.sys windows:5 windows x86

27e9d7ad361f163929dc50e04b659554

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5b:a2:90:5d:11:f5:cf:bb:c5:3a:b2:1b:fd:39:de:fe
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/06/2012, 00:00

Not After

26/06/2015, 23:59

Subject

CN=American Megatrends\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarters,O=American Megatrends\, Inc.,L=Norcross,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:bd:cb:33:26:35:f5:ad:f4:33:6d:35:e8:c6:59:50:49:44:6e:74
Signer

Actual PE Digest

0d:bd:cb:33:26:35:f5:ad:f4:33:6d:35:e8:c6:59:50:49:44:6e:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
ZwOpenSection
RtlInitUnicodeString
ZwUnmapViewOfSection
MmFreeContiguousMemory
IoFreeMdl
MmMapLockedPages
MmMapLockedPagesSpecifyCache
PsGetVersion
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwMapViewOfSection
MmIsAddressValid
MmAllocateContiguousMemory
MmUnmapLockedPages
IoDeleteDevice
IoDeleteSymbolicLink
memmove
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
ZwClose
WRITE_REGISTER_ULONG
WRITE_REGISTER_USHORT
WRITE_REGISTER_UCHAR
READ_REGISTER_ULONG
READ_REGISTER_USHORT
READ_REGISTER_UCHAR
MmUnmapIoSpace
MmGetPhysicalAddress
MmMapIoSpace

hal

KfLowerIrql
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
HalTranslateBusAddress
KfRaiseIrql

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Win/amifldrv64.sys
.sys windows:5 windows x64

4c0161f638d5acafe23fcee3c5e86f15

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5b:a2:90:5d:11:f5:cf:bb:c5:3a:b2:1b:fd:39:de:fe
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/06/2012, 00:00

Not After

26/06/2015, 23:59

Subject

CN=American Megatrends\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarters,O=American Megatrends\, Inc.,L=Norcross,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:6b:ce:2c:e6:97:88:3e:ba:0c:05:1e:d4:87:de:63:04:d7:3c:d3
Signer

Actual PE Digest

71:6b:ce:2c:e6:97:88:3e:ba:0c:05:1e:d4:87:de:63:04:d7:3c:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
RtlInitUnicodeString
ZwUnmapViewOfSection
MmFreeContiguousMemory
IoFreeMdl
MmMapLockedPages
MmMapLockedPagesSpecifyCache
PsGetVersion
MmUnmapIoSpace
IoAllocateMdl
MmGetPhysicalAddress
MmIsAddressValid
MmAllocateContiguousMemory
MmUnmapLockedPages
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
MmBuildMdlForNonPagedPool
MmMapIoSpace

hal

HalTranslateBusAddress

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 942B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Win/readme32.txt
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/Win/readme64.txt
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/ZA10A220.rom
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/readme.txt
Bruins_BIOS_PKG_ZA10A220_20170414_Default Setting/releasenote.txt

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

.text Size: 325KB - Virtual size: 325KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 6KB - Virtual size: 1.0MB

.pdata Size: 14KB - Virtual size: 13KB

.CRT Size: 512B - Virtual size: 136B

.reloc Size: 4KB - Virtual size: 4KB

0db6a193b87bfcc444a3c59765aa9c05

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advapi32

shell32

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 8KB - Virtual size: 52KB

.rsrc Size: 1KB - Virtual size: 1KB

ee9a6951df54c526cd9f4a8b19f1942a

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advapi32

shell32

Sections

.text Size: 300KB - Virtual size: 300KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 10KB - Virtual size: 59KB

.pdata Size: 16KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

27e9d7ad361f163929dc50e04b659554

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5b:a2:90:5d:11:f5:cf:bb:c5:3a:b2:1b:fd:39:de:feCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0d:bd:cb:33:26:35:f5:ad:f4:33:6d:35:e8:c6:59:50:49:44:6e:74Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 384B - Virtual size: 296B

.data Size: 128B - Virtual size: 4B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 256B - Virtual size: 230B

4c0161f638d5acafe23fcee3c5e86f15

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

.text
Size: 325KB - Virtual size: 325KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 1.0MB

.pdata
Size: 14KB - Virtual size: 13KB

.CRT
Size: 512B - Virtual size: 136B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 52KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 300KB - Virtual size: 300KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 10KB - Virtual size: 59KB

.pdata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5b:a2:90:5d:11:f5:cf:bb:c5:3a:b2:1b:fd:39:de:fe
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0d:bd:cb:33:26:35:f5:ad:f4:33:6d:35:e8:c6:59:50:49:44:6e:74
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 384B - Virtual size: 296B

.data
Size: 128B - Virtual size: 4B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 256B - Virtual size: 230B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5b:a2:90:5d:11:f5:cf:bb:c5:3a:b2:1b:fd:39:de:fe
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

71:6b:ce:2c:e6:97:88:3e:ba:0c:05:1e:d4:87:de:63:04:d7:3c:d3
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1024B - Virtual size: 688B

.data
Size: 512B - Virtual size: 272B

.pdata
Size: 512B - Virtual size: 216B

INIT
Size: 1024B - Virtual size: 942B